Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

Claim 1 (currently amended): A method for managing file security attributes by a file 
server in a computer file storage system, the computer file storage system including a file 
secured using a first file security model the method comprising: 

receiving a first request from a Windows client relating to [[a]] the file stored in
the computer file storage system, the client utilizing a second file security model;

determining that the file is a UNIX secured file;

retrieving a first set of UNIX file security attributes, in accordance with the first
file security model associated with the file, the first set of UNIX file security attributes
including at least a UNIX an owner identifier and a UNIX group identifier; and

generating a second set of Windows file security attributes, in accordance with the
second file security model from the first set of UNIX file security attributes, the second
set of Windows file security attributes including a plurality of security identifiers (SID)
including at least an owner SID derived from the UNIX owner identifier and a group SID
derived from the UNIX group identifier, wherein at least one of the owner SID and the
group SID includes at least one UNIX specific map failure indicator and the
corresponding UNIX identifier from the first set of file security attributes, wherein the
map failure indicator indicates that said identifier relates to the first file security model

Claim 2 (currently amended): A method according to claim 1, wherein the at least one
UNIX specific map failure indicator includes a UNIX specific an authority identifier,
specific to the first file security model having a value other than the well known
authority identifiers zero through five and an owner/group indicator having a first value
to indicate that the UNIX identifier is the UNIX owner identifier from the first set of
security attributes, and a second value to indicate that the UNIX identifier is the UNIX
group identifier from the first set of security attributes.

Claim 3 (currently amended): A method according to claim 1, wherein the at least one
map failure UNIX specific indicator includes a UNIX specific an authority identifier,
specific to the first file security model having a first value other than the well-known
authority identifiers zero through five to indicate that the UNIX identifier is the UNIX
owner identifier from the first set of file security attributes and a second value other than
the well known authority identifiers zero through five to indicate that the UNIX identifier
is the UNIX group identifier from the first set of file security attributes.

Claim 4 (currently amended): A method according to claim 1, wherein generating a the
second set of Windows file security attributes from the first set of UNIX file security
attributes comprises:

attempting to map each UNIX identifier from the first set of file security attributes
to a corresponding Windows identifier from the second set of file security attributes; and

generating, for each UNIX identifier from the first set of file security attributes
that cannot be mapped to a corresponding Windows identifier from the second set of file
security attributes, the SID including the at least one map failure UNIX specific indicator
and the corresponding UNIX identifier from the first set of file security attributes.

Claim 5 (currently amended): A method according to claim 4, wherein attempting to map
each UNIX identifier from the first set of file security attributes to a corresponding
Windows identifier from the second set of file security attributes comprises:

maintaining a table mapping UNIX a first set of names in accordance with the
first file security model to Windows a second set of names in accordance with the second
file security model;

determining a UNIX name from the first set of names corresponding to the UNIX
identifier from the first set of file security attributes; and

searching the table for a Windows name from the second set of names
corresponding to the UNIX name from the first set of names.

Claim 6 (currently amended): A method according to claim 5, wherein determining a
UNIX name from the first set of names corresponding to the UNIX identifier from the
first set of file security attributes comprises:

maintaining a cache mapping UNIX identifiers from the first set of file security
attributes to UNIX names in the first set of names; and

searching the cache for a UNIX name from the first set of names corresponding to
the UNIX identifier from the first set of file security attributes.

Claim 7 (currently amended): A method according to claim 5, wherein determining a 
UNIX name from the first set of names corresponding to the identifier from the first set 
of file security attributes comprises: 

sending the identifier from the first set of file security attributes over a 
communication link to a NIS server; and 

receiving the UNIX name from the first set of names over the communication link 
from the NIS server. 

Claim 8 (currently amended): A method according to claim 1, further comprising: 

transmitting the second set of Windows file security attributes to the Windows 
client in a response to the first request. 

Claim 9 (currently amended): A method according to claim 8, further comprising:

receiving a second request from the Windows client utilizing the second file
security model including at least one of said SIDs including at least one map failure
UNIX-specific indicator and the corresponding UNIX identifier from the first set of file
security attributes;

translating the at least one of said SIDs into a text string; and

transmitting the text string to the Windows client in a response to the second
request.

Claim 10 (currently amended): A method according to claim 9, wherein the text
string includes a representation of the UNIX identifier from the SID.
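
The map-failure SID of claims 1, 2 and 4, its text translation in claims 9 and 10, and the owner check of claim 13, as an added Python example that is not part of the application. The authority value 99, the indicator values 1 and 2, the lookup tables and the sample SIDs are constructed assumptions; the binary layout is the standard Windows SID encoding.

```python
import struct

# Constructed values (assumptions): the claims only call for an authority
# outside the well-known range zero through five and an owner/group indicator.
MAP_FAILURE_AUTHORITY = 99      # hypothetical identifier authority
OWNER, GROUP = 1, 2             # hypothetical indicator values

def pack_sid(authority, subs):
    """Binary SID: revision 1, count, 48-bit big-endian authority, LE sub-authorities."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def unpack_sid(blob):
    """Parse and validate a binary SID; returns (authority, [sub-authorities])."""
    if len(blob) < 8 or blob[0] != 1 or len(blob) != 8 + 4 * blob[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(blob[2:8], "big")
    return authority, list(struct.unpack("<%dI" % blob[1], blob[8:]))

def map_identifier(unix_id, kind, id_to_name, name_table, name_to_sid):
    """ID -> UNIX name -> Windows name -> SID; on any miss, build the map-failure SID."""
    win_name = name_table.get(id_to_name.get(unix_id))
    sid = name_to_sid.get(win_name)
    if sid is not None:
        return sid
    if not 0 <= unix_id <= 0xFFFFFFFF:
        raise ValueError("UNIX identifier does not fit a sub-authority")
    return pack_sid(MAP_FAILURE_AUTHORITY, [kind, unix_id])

def unix_identity(blob):
    """Return (kind, unix_id) only for a well-formed map-failure SID, else None."""
    authority, subs = unpack_sid(blob)
    if authority == MAP_FAILURE_AUTHORITY and len(subs) == 2 and subs[0] in (OWNER, GROUP):
        return subs[0], subs[1]
    return None

def sid_to_text(blob):
    """Text form: expose the embedded UNIX identifier, else the usual S-1-... string."""
    ident = unix_identity(blob)
    if ident:
        return "UNIX %s %d" % ("owner" if ident[0] == OWNER else "group", ident[1])
    authority, subs = unpack_sid(blob)
    return "S-1-%d" % authority + "".join("-%d" % s for s in subs)

def owner_access(owner_sid, session_uid):
    """Owner access for a UNIX session only if the owner SID carries that exact UID."""
    return unix_identity(owner_sid) == (OWNER, session_uid)

# Constructed sample data: one mappable account, everything else unmapped.
ALICE_SID = pack_sid(5, [21, 1111, 2222, 3333, 1001])
ID_TO_NAME = {1000: "alice"}
NAME_TABLE = {"alice": "EXAMPLE\\alice"}
NAME_TO_SID = {"EXAMPLE\\alice": ALICE_SID}

if __name__ == "__main__":
    for uid, kind in ((1000, OWNER), (4242, GROUP)):
        sid = map_identifier(uid, kind, ID_TO_NAME, NAME_TABLE, NAME_TO_SID)
        print(uid, sid.hex(), sid_to_text(sid))
```

The check in `unix_identity` matters for the access decision: an embedded UNIX identifier is honoured only when the authority and the owner/group indicator both match, so a group-flavoured SID never grants owner access.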

Claim 11 (currently amended): A method according to claim 1, wherein the first set
of UNIX file security attributes includes a first set of UNIX file permissions, in 
accordance with the first file security model, and wherein generating the second set of 
Windows file security attributes from the first set of UNIX file security attributes further 
comprises: 

generating a second set of Windows file permissions, in accordance with the 
second file security model from the first set of UNIX file permissions. 

Claim 12 (currently amended): A method according to claim 11, wherein the 
request comprises at least one requested change to the security attributes of the file, and 
wherein the method further comprises: 

applying the requested security attribute changes to the second set of Windows 
file security attributes to create a modified set of Windows file security attributes in 
accordance with the second file security model; and

writing the modified set of Windows file security attributes to the file, said
writing effectively changing the security model of the file from UNIX secured the first
file security model to the second file security model Windows secured.

Claim 13 (currently amended): A method according to claim 12, further 
comprising: 

receiving a second request from a UNIX client utilizing the first file security 
model relating to the file, the second request associated with a session, the session having 
a session owner and a session group; 

retrieving the modified set of Windows file security attributes for the file; and

providing the UNIX client with owner access to the file, if the owner SID in the
modified set of Windows file security attributes includes a UNIX an owner identifier in
accordance with the first file security model and the session owner matches the UNIX
owner identifier in the owner SID.

Claim 14 (currently amended): A method according to claim 12, further
comprising: 

receiving a second request from a UNIX client utilizing the first file security 
model relating to the file, the second request associated with a session, the session having 
a session owner and a session group; 

retrieving the modified set of Windows file security attributes for the file; and

providing the UNIX client with group access to the file, if the group SID in the
modified set of Windows file security attributes includes a UNIX group identifier in 
accordance with the first file security model and the session group matches the UNIX 
group identifier in the group SID. 

Claim 15 (currently amended): A method according to claim 11, wherein 
generating the second set of Windows file permissions from the first set of UNIX file 
permissions comprises: 

translating the first set of UNIX file permissions into a second set of Windows file 
permissions, the second set of Windows file permissions defining owner permissions, 
group permissions, and everyone permissions; 

removing any rights from the owner that the owner would be granted implicitly 
but are not granted to either the group or to everyone; 

adding any rights that need to be explicitly denied to the owner and to the group; 

producing a set of access control elements ordered hierarchically; and 

removing any redundant permissions from the access control elements. 

Claim 16 (currently amended): An apparatus for managing file security attributes in 
a computer file storage system, the computer file storage system including a file secured 
using a first file security model the file associated with a first set of file security 
attributes including an owner identifier and a group identifier, the apparatus comprising: 

a network interface for communicating with clients over a communication 
network; 

a storage interface for communicating with a file storage device; and 

file security logic operating between the network interface and the storage
interface for managing file security attributes, the file security logic including logic for
generating a second set of Windows file security attributes, in accordance with a second
file security model, from the first set of UNIX file security attributes, the second set of
Windows file security attributes including at least an owner SID derived from the UNIX
owner identifier and a group SID derived from the UNIX group identifier, wherein at
least one of the owner SID and the group SID includes at least one map failure UNIX
specific indicator and the corresponding UNIX identifier from the first set of file security
attributes, wherein the map failure indicator indicates that said identifier relates to the
first file security model.

Claim 17 (currently amended): An apparatus according to claim 16, wherein the at
least one map failure UNIX specific indicator includes a UNIX specific an authority
identifier, specific to the first security model, having a value other than the well known
authority identifiers zero through five and an owner/group indicator having a first value
to indicate that the UNIX identifier is the UNIX owner identifier from the first set of file
security attributes and a second value to indicate that the UNIX identifier is the UNIX
group identifier from the first set of file security attributes.

Claim 18 (currently amended): An apparatus according to claim 16, wherein the at
least one map failure UNIX specific indicator includes a UNIX specific an authority
identifier, specific to the first file security model, having a first value other than the well
known authority identifiers zero through five to indicate that the UNIX identifier is the
UNIX owner identifier from the first set of file security attributes and a second value
other than the well-known authority identifiers zero through five to indicate that the
UNIX identifier is the UNIX group identifier from the first set of file security attributes.

Claim 19 (currently amended): An apparatus according to claim 16, wherein the 
file security logic comprises: 

logic for mapping each UNIX identifier from the first set of file security attributes 
to a corresponding Windows identifier from the second set of file security attributes; and

logic for generating, for each UNIX identifier from the first set of file security
attributes that cannot be mapped to a corresponding Windows identifier from the second
set of file security attributes, the SID including the at least one map failure UNIX
specific indicator and the corresponding UNIX identifier from the first set of file security
attributes.

Claim 20 (currently amended): An apparatus according to claim 19, further 
comprising a table mapping UNIX a first set of names, in accordance with the first file 
security model, to Windows a second set of names, in accordance with the second file 
security model, the file security logic determining a UNIX name from the first set of 
names corresponding to the UNIX identifier from the first set of file security attributes 
and searching the table for a Windows name from the second set of names corresponding 
to the UNIX name from the first set of names for mapping each UNIX identifier from the 
first set of file security attributes to a corresponding Windows identifier from the second 
set of file security attributes.

Claim 21 (currently amended): An apparatus according to claim 20, further 
comprising a cache mapping UNIX identifiers from the first set of file security attributes 
to UNIX names in the first set of names, the file security logic searching the cache for a
UNIX name from the first set of names corresponding to the UNIX identifier from the
first set of file security attributes for determining a UNIX name from the first set of
names corresponding to the UNIX identifier from the first set of file security attributes.

Claim 22 (currently amended): An apparatus according to claim 20, wherein the 
file security logic sends the UNIX identifier from the first set of file security attributes 
over a communication link to a NIS server for determining a UNIX name from the first 
set of names corresponding to the UNIX identifier from the first set of file security 
attributes.

Claim 23 (original): An apparatus according to claim 16, wherein the file security logic 
further comprises: 

logic for translating the at least one of said SIDs into a text string.

Claim 24 (currently amended): An apparatus according to claim 23, wherein the 
text string includes a representation of the UNIX identifier from the SID. 

Claim 25 (currently amended): A method according to claim 16, wherein the first 
set of UNIX file security attributes includes a first set of UNIX file permissions, in 
accordance with the first file security model, and wherein the file security logic further
comprises:

logic for generating a second set of Windows file permissions, in accordance with
the second file security model, from the first set of UNIX file permissions.

Claim 26 (currently amended): An apparatus according to claim 25, wherein the 
file security logic includes logic for receiving a request from a Windows client utilizing 
the second file security model, to modify file security attributes, applying the requested 
medications modifications to the second set of Windows file permissions to create a
modified set of file security attributes in accordance with the second file security model,
and writing the modified set of Windows file permissions to the storage device so as to
effectively change the security model of the file from the first file security model to the
second file security model.

Claim 27 (currently amended): An apparatus according to claim 25, wherein the 
file security logic includes logic for controlling access to the file using the second set of 
Windows file permissions. 

Claim 28 (currently amended): An apparatus according to claim 25, wherein the 
file security logic includes logic for translating the first set of UNIX file permissions into 
a the second set of Windows file permissions, the second set of Windows file permissions 
defining owner permissions, group permissions, and everyone permissions; removing any 
rights from the owner that the owner would be granted implicitly but are not granted to 
either the group or to everyone; adding any rights that need to be explicitly denied to the 
owner and to the group; producing a set of access control elements ordered
hierarchically; and removing any redundant permissions from the access control 
elements. 

Claim 29 (currently amended): An apparatus for managing file security attributes in 
a computer file storage system, the apparatus comprising: 

means for translating a Unix an owner identifier in accordance with a first file
security model into a Windows compatible an owner SID, compatible with a second file
security model;

means for translating a UNIX group identifier in accordance with a first file
security model into a Windows compatible owner group SID, compatible with the second
file security model; and

means for translating UNIX file access permissions, in accordance with a first file
security model, into a Windows compatible an access control list, compatible with the
second file security model.

Claim 30 (currently amended): A method for generating, from a first set of file
permissions in accordance with a first file security model a second set of Windows file
permissions in accordance with a second file security model from a set of UNIX file
permissions, the method comprising:

translating the first set of UNIX file permissions into a the second set of Windows 
file permissions, the second set of Windows file permissions defining owner permissions, 
group permissions, and everyone permissions; 

removing any rights from the owner that the owner would be granted implicitly 
but are not granted to either the group or to everyone; 

adding any rights that need to be explicitly denied to the owner and to the group; 

producing a set of access control elements ordered hierarchically; and 

removing any redundant permissions from the access control elements. 

Claim 31 (currently amended): A method comprising: 






Appl. No. 10/646,365 

Amdt. dated September 29, 2005 

Reply to Office action of June 29, 2005

receiving a security identifier (SID) including at least one map failure UNIX
specific indicator and a corresponding UNIX identifier in accordance with a first file
security model; and

translating the SID into a text string. 

Claim 32 (currently amended): A method according to claim 31, wherein the text
string includes a representation of the UNIX identifier from the SID. 

Claim 33 (currently amended): A method according to claim 31, wherein 
translating the SID into a text string comprises: 

transmitting a request to a translator over a communication network, the request 
including at least the UNIX identifier from the SID.